[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Novel use of Usenet and remailers to mailbomb from [email protected]
At 10:25 PM 1/12/96 GMT, John Lull wrote:
>On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:
>
>> Cypherpunks: is there any way to respond to, or prevent, this sort of
>> attack short of actually shutting down the remailer?
>
>Yes, very simply.
>
>The remailer could calculate a hash for the body of each encrypted
>message received (the same portion which will be decrypted by PGP),
>tabulate the last few thousand hashes, and simply discard any messages
>with a duplicate hash. The target of the attack would receive only
>the first copy of the message.
I am afraid it is not that simple. Remember that the mailbombing consists
of many, many horny little geeks responding to a single message. They are
replying to the same message (and probibly adding a few "me too!" lines),
not mailing the same one over and over again.
Another idea would be to keep a md5 (or other) hash list of the reply block
used and have a disabled list for such spam attacks. (Unfortunatly this
requires code, thus time.)
Pretty nasty variation on a "denial of service" attack. What next? Fake
"David Rhodes does e-cash" messages with the target's e-mail address?
Alan Olsen -- [email protected] -- Contract Web Design & Instruction
`finger -l [email protected]` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"Is the operating system half NT or half full?"